Are we ready for a cyber-Katrina? How vulnerable is our electronic backbone?
Serious issues raised in a report released today.
Release Date: 6.23.06 Contact:
Business Roundtable Issues Warning on Lack of Preparation to Recover The
Internet Following A Catastrophic Cyber Disruption
Analysis Finds “Significant Weaknesses” that Could Impact Homeland and
Washington, DC – The United States is ill-prepared for a cyber
catastrophe, with significant ambiguities in public and private sector
responses that would be needed to restore and recover the Internet
following a disaster, according to a new Business Roundtable report
“Our nation’s Internet and cyber infrastructure serve as a critical
backbone for the exchange of information vital to our security and our
economy, but our analysis has exposed a significant weakness that could
paralyze the economy following a disaster,” said Edward B. Rust Jr.,
Chairman and CEO, State Farm Insurance Companies and head of the
Roundtable Security Task Force’s working group on cyber security.
“If there’s a cyber disaster, there is no emergency number to call – and
no one in place to respond because our nation simply doesn’t have the
kind of coordinated plan in place that we need to restart and restore
the Internet,” Rust added. “Government and industry must work together
to beef up our cyber-security and recovery efforts.”
The report – Essential Steps Toward Strengthening America’s Cyber
Terrorism Preparedness – is the culmination of a year’s work by top
businesses led by the Roundtable, an association of 160 CEOs of the
nation’s leading companies. Identifying ways to harden the Internet has
been one of the main priorities of the Roundtable’s Security Task Force
because a properly functioning Internet is essential to the continuity
of the nation’s economy.
The report identifies cyber shortfalls similar to the disaster response
problems that occurred following Hurricane Katrina, highlighting three
significant gaps in response plans to restore the Internet:
Inadequate Early Warning System – The U.S. lacks an early warning system
to identify potential Internet attacks or determine if the disruptions
are spreading rapidly.
Unclear and Overlapping Responsibilities – Public and private
organizations that would oversee recovery of the Internet have unclear
or overlapping responsibilities, resulting in too many institutions with
too little interaction and coordination.
Insufficient Resources – Existing organizations and institutions charged
with Internet recovery should have sufficient resources and support. For
example, little of the National Cyber Security Division (NCSD)’s funding
is targeted for support of cyber recovery.
It concludes that the U.S. is not sufficiently prepared for a major
attack, software incident or natural disaster that would lead to
disruption of large parts of the Internet.
“If our nation is hit by a cyber Katrina that wipes out large parts of
the Internet, there is no coordinated plan in place to restart and
restore the Internet,” said John J. Castellani, President of the
Roundtable. “A cyber disaster could have immediate and nationwide
consequences to our nation’s security and economy, and we need to be
better prepared. That’s why advance copies of this report have been
given to the Department of Homeland Security and Congressional leaders.”
Recommendations Made for Government and Businesses to Detect and Respond
to Cyber Disruptions
The report offers recommendations for government and business to improve
identification and assessment of cyber disruptions, to coordinate
responsibilities for Internet reconstitution, and to make needed
investments in institutions with critical roles in Internet recovery.
Response and recovery to a cyber disaster will be different from natural
disasters such as Hurricane Katrina, when the federal government had the
leading role. Industry must undertake principal responsibility following
an incident for reconstituting the communications infrastructure,
including telephone, Internet and broadcast, the Roundtable report
The Roundtable called on the federal government to establish clearer
roles and responsibilities, fund long-term programs, and ensure that
national response plans treat major Internet disruptions as serious
national problems. For example, while the Administration says that it
has authority to declare a cyber emergency and will consult with
business leaders, the report notes it is not clear how this consultation
will occur or what the factors are for declaring an emergency.
Recommendations for the private sector include urging companies to
designate a point person for cyber recovery, update their strategic
plans to prepare for a widespread Internet outage and the impact on
movement of goods and services, and set priorities for restoring
Internet service and corporate communications.
However, the Roundtable noted that the best preparedness for recovering
from a cyber disaster will require government and the private sector to
In one specific recommendation for public-private collaboration, the
Roundtable urged creation of a federally-funded panel of experts who
would assist in developing plans for restoring Internet services in the
event of a massive disruption. In addition, the report suggests that the
Department of Homeland Security and industry conduct large-scale cyber
emergency exercises, with lessons learned integrated into programs and
“We need a national response to this challenge, not separate business
and government responses – and that means better collaboration,”
Castellani said. “Most important, we must start immediately. Because of
the widespread consequences of a massive cyber disruption, our nation
cannot wait until an incident occurs to start planning the response.”